Security News

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage). Rollout to everyone will take months, but it’s a good day for both privacy and...

Meta is introducing default end-to-end encryption for chats and calls across Messenger and Facebook, the company revealed on Wednesday. "We've introduced new privacy, safety and control features along the way like delivery controls that let people choose who can message them, as well as app lock, alongside existing safety features like report, block and message requests," said Loredana Crisan, Head of Messenger at Meta.

Meta has announced the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform. E2EE has been available in the Messenger app as an optional feature called "Secret Conversations" since 2016, but Meta says it now enables it by default for all users as an additional layer of security.

Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware...

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority in July. The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission to ban the processing of personal data for behavioral advertising across the entire European Economic Area within two weeks.

Norway has told the European Data Protection Board it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe. The Scandinavian country's Data Protection Authority, Datatilsynet, had been holding back Facebook parent Meta from scooping up data on its citizens with the threat of fines of one million Kroner per day if it didn't comply.

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. First documented by Meta in May 2023, NodeStealer originated as a JavaScript malware capable of pilfering cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Hijacked Facebook business accounts are a great way to reach a broad audience with ads and more scams.

Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The researchers report roughly 100,000 phishing messages per week, sent mainly to Facebook users in North America, Europe, Australia, Japan, and Southeast Asia. Guardio Labs reports that the scale of the campaign is such that approximately 7% of all of Facebook's business accounts have been targeted, with 0.4% having downloaded the malicious archive.

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "Swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.